<?php
//**********************************************//
// WebTrust Cyrpto Portal 			//
//						//
// by Ryan Hunt <admin@nayr.net>		//
// http://webtru.st				//
// 						//
// Prototype Version - 0.1			//
//**********************************************//

// Configure Options

$wgetquota = "2m";	// Maximum Filesize to Fetch
$recipentip = $_SERVER["HTTP_X_FORWARDED_FOR"]; // use $_SERVER["REMOTE_ADDR"] if not behind proxy
$mailheaders = 'From: crypto-portal@webtru.st' . "\r\n" .
    'Reply-To: do-not-reply@webtru.st' . "\r\n" .
    'X-Mailer: PHP/WebTrust Crypto Portal';


// Defie Variables
$token = $_POST['token'];
$emailverify = $_POST['emailverify'];
$fileid = escapeshellarg(substr($token,0,8));
$tokenkey = escapeshellarg(substr($token,8));
$tokenfile = "upload/" . $fileid . ".cpt";
$wgetfile = "upload/" . $fileid . ".wget";
$getfile = "download/" . $fileid . ".crypt";

// Includes
include_once 'validate-email.php';

// Command to decrypt tokenfile with tokenkey
$exec = "echo ".$tokenkey."|ccrypt -c -f -k - ".$tokenfile;
exec($exec,$inst,$return);
if ($return > "0") {
	echo "[ERROR] Token not found or Invalid";
	exit;
}

// Token Line: 1 Verification **TODO: Add Hostmask checking
if ($inst[0] != "null" ) {
	$recipent_verification = escapeshellcmd($inst[0]);
	if (validEmail($recipent_verification)) {
		$emailtoken = sha1($recipentip.$recipent_verification.$token);
		if  ("$emailverify" == "") {
			$verifymsg = "Copy/Paste this token to the crypto-portal to verify your email (valid 1h):\n" . $emailtoken
			. "\n\n\nMessage from <".$inst[1]."> :\n" . escapeshellcmd($inst[2]);
			mail($recipent_verification, "[WebTru.st] Validate Email", $verifymsg, $mailheaders);
			include_once 'email-token.php';
			exit;
		} else if  ("$emailverify" == "$emailtoken") {
			//echo "Passed email validation";
		} else {
			echo "[ERROR] Token Valid but email verification Failed";
			exit;
		}
	}else if ("$recipent_verification" == "$recipentip") {
		echo "PASSED IP VERIFICATION";
		exit;
	} else {
		echo "[ERROR] Token Valid but verification Failed";
		exit;
	}

}


// Write URL of file to list for wget (needed for quotas)
$fh = fopen($wgetfile, 'w') or die("[ERROR] writing download info");
fwrite($fh, $inst[4]);
fclose($fh);

// Strip .cpt from remote filename, if no extention make it a .txt
$origname = str_replace(".cpt","",basename($inst[4]));
$orignext = strpos($origname,".");
	if ($orignext == "0") { $origname = $origname . ".txt"; }
// Download Remote File
$exec= "wget -Q" .escapeshellarg($wgetquota). " -i " .escapeshellarg($wgetfile). " -O " .escapeshellarg($getfile);
exec($exec,$wgetout,$return);
// Delete wget list
unlink($wgetfile);
// Check for errors
if ($return > "0") {
	if ($return = "1") { $errmsg = "GENERIC"; }
	if ($return = "2") { $errmsg = "CLI-PARSE"; }
	if ($return = "3") { $errmsg = "FILE-IO"; }
	if ($return = "4") { $errmsg = "NETWORK-ISSUE"; }
	if ($return = "5") { $errmsg = "SSL-FAIL"; }
	if ($return = "6") { $errmsg = "AUTH-FAIL"; }
	if ($return = "7") { $errmsg = "PROTO-ERROR"; }
	if ($return = "8") { $errmsg = "REMOTE-SERVER-ERROR"; }

	echo "[ERROR] Could not download remote file.. (".$errmsg.")";
	exit;
}


// Send email notification of token use
if (("$inst[1]" != "null") || (validEmail($inst[1]))) {
	$notifymsg = $origname." has been accessed by: ".$recipentip;
        if (validEmail($recipent_verification)) {
		$notifymsg = $notifymsg  .  "\nEmail Vaidated: ". $recipent_verification;
	}
	mail($inst[1], "[WebTru.st] File Accessed", $notifymsg, $mailheaders);
}

// Embed Media into page or present it as a download?
if ("$inst[3]" == "0") {
	header('Content-Disposition: attachment; filename="'.$origname.'"');
} else {
	header('Content-type: '.escapeshellcmd($inst[3]));
}

// Decrypt local file
$exec = "echo ".$inst[5]."|ccrypt -c -f -k - ".$getfile;
passthru($exec);
// Delete local encrypted files
unlink($getfile);
?>
